kmod, kvm security update

2015-04-22T14:47:16
ID CESA-2015:0869
Type centos
Reporter CentOS Project
Modified 2015-04-22T14:47:16

Description

CentOS Errata and Security Advisory CESA-2015:0869

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2015-April/021085.html

Affected packages: kmod-kvm kmod-kvm-debug kvm kvm-qemu-img kvm-tools

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-0869.html